[examples] Update remark dependency for blog-starter #33313

Merged
kodiakhq[bot] merged 2 commits into vercel:canary from jonrosner:patch-2 on Jan 14, 2022
@jonrosner commented Jan 14, 2022

Upgrade remark-html dependency to resolve the critical vulnerability.

Newer versions like 15.0.1 do not work with this example but version 13.0.2 fixes the security issue and still works.

                       === npm audit security report ===

# Run  npm install remark-html@15.0.1  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Unsafe defaults in `remark-html`                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-9q5w-79cv-947m            │
└───────────────┴──────────────────────────────────────────────────────────────┘

@ijjk added the "examples" label (Issue was opened via the examples template.) Jan 14, 2022

@leerob left a comment

Thank you!

@leerob changed the title from "Update package.json" to "[examplesUpdate remark dependency for blog-starter" Jan 14, 2022
@leerob changed the title from "[examplesUpdate remark dependency for blog-starter" to "[examples] Update remark dependency for blog-starter" Jan 14, 2022
@kodiakhq bot merged commit 89b8d58 into vercel:canary Jan 14, 2022
@vercel locked as resolved and limited conversation to collaborators Feb 14, 2022